diff --git a/docs/generated/reference/output/reference/api-docs/index.html b/docs/generated/reference/output/reference/api-docs/index.html index 5a4ff9791..c988f0a01 100755 --- a/docs/generated/reference/output/reference/api-docs/index.html +++ b/docs/generated/reference/output/reference/api-docs/index.html @@ -148,7 +148,7 @@ Appears In: notAfter
Time - +The expiration time of the certificate stored in the secret named by this resource in spec.secretName. diff --git a/pkg/apis/certmanager/v1alpha1/types_certificate.go b/pkg/apis/certmanager/v1alpha1/types_certificate.go index f07b2c454..13fa14364 100644 --- a/pkg/apis/certmanager/v1alpha1/types_certificate.go +++ b/pkg/apis/certmanager/v1alpha1/types_certificate.go @@ -103,7 +103,10 @@ type ACMECertificateConfig struct { type CertificateStatus struct { Conditions []CertificateCondition `json:"conditions,omitempty"` LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"` - NotAfter *metav1.Time `json:"notAfter,omitempty"` + + // The expiration time of the certificate stored in the secret named + // by this resource in spec.secretName. + NotAfter *metav1.Time `json:"notAfter,omitempty"` } // CertificateCondition contains condition information for an Certificate. diff --git a/pkg/issuer/acme/issue.go b/pkg/issuer/acme/issue.go index 04250aa8a..dd2c25a6f 100644 --- a/pkg/issuer/acme/issue.go +++ b/pkg/issuer/acme/issue.go @@ -182,9 +182,6 @@ func (a *Acme) Issue(ctx context.Context, crt *v1alpha1.Certificate) (issuer.Iss return a.retryOrder(crt, existingOrder) } - metaExpireTime := metav1.NewTime(x509Cert.NotAfter) - crt.Status.NotAfter = &metaExpireTime - if a.Context.IssuerOptions.CertificateNeedsRenew(x509Cert) { // existing order's certificate is near expiry return a.retryOrder(crt, existingOrder) diff --git a/pkg/issuer/vault/BUILD.bazel b/pkg/issuer/vault/BUILD.bazel index 703ee4aec..3922554b1 100644 --- a/pkg/issuer/vault/BUILD.bazel +++ b/pkg/issuer/vault/BUILD.bazel @@ -20,7 +20,6 @@ go_library( "//vendor/github.com/hashicorp/vault/api:go_default_library", "//vendor/github.com/hashicorp/vault/helper/certutil:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/client-go/listers/core/v1:go_default_library", ], ) diff --git a/pkg/issuer/vault/issue.go b/pkg/issuer/vault/issue.go index afe5fd18b..f15c2352e 100644 --- a/pkg/issuer/vault/issue.go +++ b/pkg/issuer/vault/issue.go @@ -36,7 +36,6 @@ import ( "github.com/jetstack/cert-manager/pkg/util/kube" "github.com/jetstack/cert-manager/pkg/util/pki" k8sErrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) const ( @@ -104,9 +103,6 @@ func (v *Vault) obtainCertificate(ctx context.Context, crt *v1alpha1.Certificate return nil, nil, nil, err } - metaExpireTime := metav1.NewTime(time.Now().Add(defaultCertificateDuration)) - crt.Status.NotAfter = &metaExpireTime - keyBytes, err := pki.EncodePrivateKey(signeeKey) if err != nil { return nil, nil, nil, err diff --git a/pkg/util/pki/BUILD.bazel b/pkg/util/pki/BUILD.bazel index abb4f7c39..5936b0526 100644 --- a/pkg/util/pki/BUILD.bazel +++ b/pkg/util/pki/BUILD.bazel @@ -12,7 +12,6 @@ go_library( deps = [ "//pkg/apis/certmanager/v1alpha1:go_default_library", "//pkg/util/errors:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", ], ) diff --git a/pkg/util/pki/csr.go b/pkg/util/pki/csr.go index ee4442da5..0c059df5b 100644 --- a/pkg/util/pki/csr.go +++ b/pkg/util/pki/csr.go @@ -28,7 +28,6 @@ import ( "time" "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // CommonNameForCertificate returns the common name that should be used for the @@ -150,10 +149,6 @@ func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) keyUsages |= x509.KeyUsageCertSign } - expireTime := time.Now().Add(defaultNotAfter) - metaExpireTime := metav1.NewTime(expireTime) - crt.Status.NotAfter = &metaExpireTime - return &x509.Certificate{ Version: 3, BasicConstraintsValid: true, @@ -165,7 +160,7 @@ func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) CommonName: commonName, }, NotBefore: time.Now(), - NotAfter: expireTime, + NotAfter: time.Now().Add(defaultNotAfter), // see http://golang.org/pkg/crypto/x509/#KeyUsage KeyUsage: keyUsages, DNSNames: dnsNames,